https://community.cisco.com/t5/network-security/asa-5505-intervlan-adsm-ssh-access/m-p/1965470#M440204 <HTML><HEAD></HEAD><BODY><P>So this is by design? If I setup an interface for management only and patch it into my switch, would I then be able to manage the asa from any vlan?</P><P></P><P>Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Sun, 01 Jul 2012 21:04:06 GMT vgulinolite 2012-07-01T21:04:06Z https://community.cisco.com/t5/network-security/asa-5505-intervlan-adsm-ssh-access/m-p/1965468#M440200 <P>hello, </P><P></P><P>I am running into a issue that I cannot seem to figure out. I have a asa 5505 with the Security Plus license. I setup a native vlan where all of my network devices sit on. ie my Wireless Access point has an ip of 192.168.3.2, my switch .3. I have no issues managing these devices from any vlan I am on (permitting firewall access rules). When I try to access my ASA via ASDM/SSH. I have to use the gateway of the vlan I am on. For instance. If I am on vlan 10 I have to use 192.168.10.1 for access, if I am on vlan 20 I type 20.1...etc...etc If I type in 192.168.3.1 I get an error in the ASDM logs that states TCP reset by appliance. This is for any gateway I type except for the gateway of the vlan that I am connected to. I am posting a sanitized config. How can I configure the ASA to permit access via any gateway.</P><P></P><P></P><P></P> Mon, 11 Mar 2019 23:25:01 GMT https://community.cisco.com/t5/network-security/asa-5505-intervlan-adsm-ssh-access/m-p/1965468#M440200 vgulinolite 2019-03-11T23:25:01Z https://community.cisco.com/t5/network-security/asa-5505-intervlan-adsm-ssh-access/m-p/1965469#M440203 <HTML><HEAD></HEAD><BODY><P>Yes, that is how the ASA works. You can only manage the ASA on the interface where you are connected from, not crossing the interface, with one exception if you are trying to manage the ASA via VPN tunnel, then you can manage 1 cross interface.</P></BODY></HTML> Sun, 01 Jul 2012 04:04:09 GMT https://community.cisco.com/t5/network-security/asa-5505-intervlan-adsm-ssh-access/m-p/1965469#M440203 Jennifer Halim 2012-07-01T04:04:09Z https://community.cisco.com/t5/network-security/asa-5505-intervlan-adsm-ssh-access/m-p/1965470#M440204 <HTML><HEAD></HEAD><BODY><P>So this is by design? If I setup an interface for management only and patch it into my switch, would I then be able to manage the asa from any vlan?</P><P></P><P>Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Sun, 01 Jul 2012 21:04:06 GMT https://community.cisco.com/t5/network-security/asa-5505-intervlan-adsm-ssh-access/m-p/1965470#M440204 vgulinolite 2012-07-01T21:04:06Z https://community.cisco.com/t5/network-security/asa-5505-intervlan-adsm-ssh-access/m-p/1965471#M440205 <HTML><HEAD></HEAD><BODY><P>Management-only command just tells the ASA to just pass all the "to the box" traffic which is typically ssh, telnet, http to the ASA. Its not going to alter the behaviour of the ASA and permit management from any vlan. </P><P></P><P>But like Jennifer said, you can manage that same interface designated as management-only through the vpn.</P><P></P><P>The command for the same is "management-access <INTERFACE designated="" as="" management-only="">"</INTERFACE></P><P></P><P>Command reference:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2027985">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2027985</A></P></BODY></HTML> Mon, 02 Jul 2012 06:38:07 GMT https://community.cisco.com/t5/network-security/asa-5505-intervlan-adsm-ssh-access/m-p/1965471#M440205 Gautam Bhagwandas 2012-07-02T06:38:07Z